4 matches found
CVE-2025-6754 SEO Metrics <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seometricshandleconnectbuttonclick AJAX handler and the seometricshandlecustomendpoint function in all versions up to, and including, 1.0.15. Because the AJAX action only...
CVE-2025-6754 SEO Metrics <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seometricshandleconnectbuttonclick AJAX handler and the seometricshandlecustomendpoint function in all versions up to, and including, 1.0.15. Because the AJAX action only...
CVE-2025-6754
CVE-2025-6754 (SEO Metrics for WordPress) : The WordPress plugin versions 1.0.5–1.0.15 are affected by privilege-escalation due to missing authorization checks in seo_metrics_handle_connect_button_click() and seo_metrics_handle_custom_endpoint(). An attacker with subscriber-level access can obtai...
WordPress SEO Metrics plugin <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability
Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin SEO Metrics versions = 1.0.15...